CVE-2026-21783 MEDIUM

CVE-2026-21783: HCL Traveler is affected by sensitive information disclosure

Vendor Hclsoftware
Product Traveler
Weakness CWE-209 · Error message info leak
Published March 24, 2026
Last update March 24, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

HCL Traveler is affected by sensitive information disclosure.  The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces.  Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks.

Key dates

02Disclosure timeline

March 24, 2026 CVE published
March 24, 2026 Record updated